step-functions-state-machine-logging-enabled - Amazon Config
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


Checks if Amazon Step Functions machine has logging enabled. The rule is NON_COMPLIANT if a state machine does not have logging enabled or the logging configuration is not at the minimum level provided.


Resource Types: AWS::StepFunctions::StateMachine

Trigger type: Configuration changes

Amazon Web Services Region: All supported Amazon regions except Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Amazon GovCloud (US-East), Amazon GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region


cloudWatchLogGroupArns (Optional)
Type: CSV

Comma-separated list of Amazon Resource Names (ARNs) for Amazon CloudWatch Logs log groups. The rule checks if the specified log groups are configured for your state machine logs.

logLevel (Optional)
Type: String

The minimum log level for your state machine. Valid values include: ALL, ERROR, FATAL.

Amazon CloudFormation template

To create Amazon Config managed rules with Amazon CloudFormation templates, see Creating Amazon Config Managed Rules With Amazon CloudFormation Templates.